On immortal bits

We are, it turns out, careless with our data. Researchers from BT and the University of Glamorgan (Wales) as well as "data wiping specialists" LifecycleServices (which I picture as a sort of digital mortuary) and the University of Edith Cowan in Australia bought and scanned some 300 used hard drives. According to the researchers, 49 percent (of those that worked) contained sensitive personal information. Two actually had material indicative of "potential" criminal activity; these were turned over to police.

So what?

This study has been done before with similar results. For better or worse, erasing your tracks is hard, even if you conscientiously try to do it. (I wonder how many people think dropping a file into the recycle bin is enough?) It's not like the good old days when you could use DOS's format command and be confident (couldn't you?) that your bits had gone to their reward. Format is still with us, though it's not available to the casual Windows user. (This is probably good: I'm sure it accounted for more than its fair share of suicides.) Online backup services further complicate things: The really effective ones will have copies of your "deleted" files safely ensconced in mountain bunkers, waiting patiently for a hacker or a subpoena. Our tracks have multiplied, too: In addition to the files we explicitly create, there are temp files and browser logs and registry entries.

An exciting new complication: Microsoft Vista apparently has a sort of "time machine" function that automatically retains old images of files. That feature could save your life, but it will probably make covering your tracks even trickier. As storage gets cheaper and people become more (offsite) backup-conscious (sysadmins pray fervently for this, so it'll surely happen someday), we can look forward to a time when information simply doesn't disappear, no matter how hard you might rub the eraser.


Talkback

3 comments
  • Convenience at what price?

    I can understand sys admins wanting to farm out storage, but is it worth it when you look beyond the short term dollar saved?

    I'm a retired computer systems project manager. Prior to that I hired in as a sys admin and then became a developmental analyst, which is nothing more than a fancy name for programmer. With that experience I've seen the damage an old innocent e-mail questioning a process or product can do in a large multinational corporation.

    Record retention requirements aside, when a company resorts to using the resources of another company the information is no longer under their direct control. That means they are letting someone else take care of the data security for which they are responsible. As a corporation I would trust no one with my data, nor would I want that data to leave my direct control.

    Off-site or online storage looks good from the dollar approach to management and it looks good to IT as one less headache to manage. Still, you are trusting that the company managing your data has absolute control over that data and that data is secure. They have employees and it is at least one more system on which your data resides. You are in reality giving more people direct access to your data regardless of what they claim. All security has some holes and employees from top management to the bottom of the food chain have been known to go astray. Some of those in very high profile cases.

    Another potential problem is government agencies accessing your data without you ever knowing. In today's atmosphere this has become a very real concern and sensitive area.

    So in the era of the immortal bit we have to be doubly cautious of even a bit, even paranoid, which is a requirement for security people anyway.

    Years down the road someone may come across a string of those bits taken out of context and they will come back to bite the corporation in a very sensitive spot requiring some extremely expensive therapy to fix. It's already happened a number of times with in-house storage.

    To me it makes far more sense to spend the extra money on developing adequate and secure data retention on site than to put it under someone else's control.
    rdhalsteatzd
  • Thank God I am no longer in IT, But......

    I too am concerned about the "immortal bits and bytes of forgotten archived data". And yes the hard drive on the user's computer is the first stop to check for incriminating or exculpatory or just plain old IP data.

    Archiving said data on anything outside of the direct physical control of a trusted IT department is totally crazy for any company. We had an employee recently that departed on his own terms but no one in the department shed a tear at his leaving for his greener pasture. He was argumentative with the department manager, with his fellow employees and would not score a 1 on a 0 to 5 teamwork scale. He insisted on doing things his way alone. He also was the prime hardware and software architect of a new product we were trying to get out the door!

    His direct supervisor was told by the IT department to grab the computer on the instant of the fellow's 2 week notice so that it could be completely cloned for IP purposes. Instead the supervisor decided to wait until 2 days before said departure and the day after the person left, it was discovered that the system had been drive wiped completely, it wouldn't even boot up. Our fellow engineer managed to scrub the drive clean enough that most of the easily obtained drive rescue/bit-restore programs would not work. At least we got to keep the Windows XP license since it was on a beige box computer!

    It took us about 6 weeks to recover enough scattered data to get schematics; updates to same; source code and updates to same; user notes; fragments of documentation; and finally some information that indicated that part of his source code probably didn't work right since he hadn't bothered to implement the required algorithms!

    I would like my company to be successful. BUT to date, a company wide policy to backup drives through the local domain network has NOT been instituted. So I make DVD copies of everything I do on at least a monthly basis and store them in plain sight and inform the IT department, whom I do trust.

    I am pushing as gently as possible for a domain wide backup system. I view it as personal work insurance because I know that some day my work computers' (5 of them) hard drives (15!) will crash. Maybe not all at once but all of them eventually will.

    I have already been approached to "re-invent" the projects I did for previous clients and employers because they have let their systems run without backups. I have made a little easy money doing the "same" old work over again as a consultant!

    So local backup is essential not only for legal reasons but it just might save either yours or the company's profit margin. The right $40 a month climate controlled storage locker where you have the key storing HDDs and DVDs makes more sense than something out of town and in the hands of who-knows-who!
    Xwindowsjunkie
  • Message has been deleted.

    Mingyueny